Skip to main content
CVE-2023-2732 CRITICAL POC PATCH THREAT Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.0%.

WordPress Authentication Bypass Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
90.0%
Threat
6.2
CVE-2023-2734 CRITICAL POC PATCH THREAT Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.3%.

Authentication Bypass WordPress Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
60.3%
Threat
5.3
CVE-2023-2733 CRITICAL PATCH Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-2851 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ceppatron
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2884 CRITICAL Act Now

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.0.3.4 Panel:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2882 CRITICAL Act Now

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2887 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-32074 CRITICAL PATCH Act Now

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33280 CRITICAL Act Now

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Quickaccounting
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33279 CRITICAL Act Now

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scfixmyprestashop
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33278 CRITICAL Act Now

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Customers Export
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy